Solved: Disable SSH Weak Ciphers

rab ngl · ‎09-25-2017

We noticed that the SSH server of Cisco ESA is configured to use the weak encryption algorithms (arcfour, arcfour128 & arcfour256, cbc) and mac algorithms (hmac-sha1 and hmac-md5).

My question is:

How to disable SHA1 key algorithms?

How to disable CBC mode ciphers and use CTR mode ciphers?

How to disable 96-bit HMAC Algorithms?

Thanks.

Libin Varghese · ‎09-25-2017

You can modify the ciphers in use from the command line of the appliance using command "sshconfig".

- Libin V

View solution in original post

Robert Sherwin · ‎09-27-2017

Articles that may help you:

Prevent Negotiations for Null or Anonymous Ciphers on the ESA and SMA

Alter the Methods and Ciphers Used with SSL/TLS on the ESA

SSL Cipher Strength Details

Cheers,
Robert Sherwin